CVE-2014-0160

Common Vulnerabilities and Exposures

Upstream information

CVE-2014-0160 at MITRE

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Note from the SUSE Security Team

This issue affects only openssl 1.0.1 releases before 1.0.1g. This means that SUSE Linux Enterprise Server 11 and older versions with openssl 0.9.8 are not affected. Only openSUSE 12.3 and 13.1 are currently shipping affected versions.

Novell Bugzilla entry: 872299

SUSE Security Advisories:

List of released packages

Product(s): SUSE Linux Enterprise Security Module 11 SP3
Fixed package version(s):
  • libopenssl1-devel >= 1.0.1g-0.12.1
  • libopenssl1_0_0 >= 1.0.1g-0.12.1
  • openssl1 >= 1.0.1g-0.12.1
  • openssl1-doc >= 1.0.1g-0.12.1
References: Builds, SAT Patch Nr: 9134

Product(s): SUSE Linux Enterprise Security Module 11 SP3
Fixed package version(s):
  • libopenssl1-devel >= 1.0.1g-0.12.1
  • libopenssl1_0_0 >= 1.0.1g-0.12.1
  • libopenssl1_0_0-x86 >= 1.0.1g-0.12.1
  • openssl1 >= 1.0.1g-0.12.1
  • openssl1-doc >= 1.0.1g-0.12.1
References: Builds, SAT Patch Nr: 9134

Product(s): SUSE Linux Enterprise Security Module 11 SP3
Fixed package version(s):
  • libopenssl1-devel >= 1.0.1g-0.12.1
  • libopenssl1_0_0 >= 1.0.1g-0.12.1
  • libopenssl1_0_0-32bit >= 1.0.1g-0.12.1
  • openssl1 >= 1.0.1g-0.12.1
  • openssl1-doc >= 1.0.1g-0.12.1
References: Builds, SAT Patch Nr: 9134

© 2014 Novell